Getting hacked is an unfortunate part of being on the Internet today. The cold hard truth is that if you want to stay 100% digitally secure, then stay off the Internet. But it’s not all doom and gloom — by using some simple, yet effective security measures, you can make any hacker’s dream of getting into your accounts an absolute nightmare.

Always Use Strong Passwords

The sheer number of people that still use extremely basic passwords is astonishing. For example, I recently had a client whose password for PayPal was something along the lines of “doggybag”, and this was for a dog treat company! Even the most inexperienced of hackers could break that password in a matter of minutes.

Make Your Passwords Unique

What’s the point in having an incredibly difficult password if you’re using the same password across all of your online accounts? Say, for example, that you were unlucky enough to be one of the 250,000 Twitter accounts that got hacked recently.

If this hacker got hold of your password and it was the same for everything else, they could get into all of your online accounts very easily, and once they’re in, it’s very difficult for you to regain control. If you don’t believe me, take a look at this article by journalist Mat Honan, who was the victim of a very large and malicious attack on his personal accounts.

I am a heavy user of LastPass myself and I actually don’t have a clue what any of my passwords are as LastPass manages them all for me. Since it’s Web based, I can use it on all of my machines and mobile devices.

Set Up Two-Factor Authentication

So by now you should have completely unique and incredibly strong passwords for all of your online accounts. That’s great, but you can still make things more secure — I told you it would be hard for these hackers!

LastPass supports Google Authenticator, an app that displays a code which changes every 30 seconds. After you log in with your normal password, you will be prompted to enter the current code on your phone. So not only would a hacker need to get hold of your password, but they would also need your phone as well.

Use A Separate Email Address For Password Recovery

Most websites have a “forgot password” link on their login page, so that you can reset your password in the event of losing it. They usually do this by emailing you a unique link that you can use to reset your password.

But what if hackers somehow get into your main email account, then try to send themselves password recovery emails, so that they can get into all of your other accounts? Your strong, unique passwords are pretty useless now.

But all is not lost: you can set up a second email account and use that for password recovery. So even if a hacker does get into your main email account, they won’t be able to access anything else. The recovery email address can usually be specified from within your account settings.

This email address doesn’t even need to make sense, as you won’t be using it for sending mail. fgjflfehjeu@gmail.com would be absolutely fine, just remember to set up two-factor authentication on it, and put the details in your password manager.

You have to apply this on a case-by-case basis. Many services send reset details only to the same email address you used to create your account, which could be your primary email address or one of its aliases.

Conclusion

As you can see from the Google Authenticator screenshot above, I abide by these guidelines for my own online protection, and I’m yet to be hacked (that’s not an invitation to try, by the way). Remember, nothing is hacker proof, but employing good security practices will certainly make the job a lot more difficult for any would-be hacker.

Do you have a different way of securing your online accounts? If so, please feel free to share in the comments section below.


Allan Monteclaro

October 23, 2013 at 7:07 am

Here's a tip I've read from somewhere on the www. Choose your favorite book. Open a random page. The first words that capture your attention will be your base password; add to it the page number and a delimiter. Here's an example:

People often use the same password for their several online accounts. I mean, who would want to memorize hundreds of passwords, right? Using the base password above, you can use it for multiple accounts by adding a descriptive word/phrase after the delimiter. For example,

For a stronger password, more delimiters can be added, or capitalize several characters like:

fOrbidden%qUidditch%fOrest218%

I've tested the passwords above using http://www.passwordmeter.com/. Here are the results:
ForbiddenQuidditchForest218% --> 100% with warning for repeat characters, consecutive lowercase letters, and consecutive numbers. Same rating for the other passwords with descriptive words.

fOrbidden%qUidditch%fOrest218% --> 100%

That's just a tip for someone who uses multiple computers with multiple users. Although, I still strongly suggest using a password manager.

I would take Passfault's estimate of a password's strength with a pound of salt. I entered the 26 letters of the alphabet in order into the Test It box and Passfault estimated that it would take 8 quadrillion centuries to crack the password which we all know is a bunch of horse puckey. Even a beginner hacker can crack that password in seconds.

You can set up 2-factor authentication with LastPass through a number of means, not just Google Authenticator. If you don't have a mobile device, then you can use it with a YubiKey.

How does 2-factor authentication expose the mobile device exactly? The hacker would never have access to your device, as the vast majority of exploits are performed remotely.

The authentication server will have the seed, your device will have the token; the token and the seed "sync" when you first set it up, and then the code is generated using an algorithm. At no point does your mobile device "speak" to the Internet for 2-fa. So I fail to see how your mobile device can be exposed.

I've used KeePass a lot in the past, it's a great product. However, the browser syncing, auto login out of the box, and the advanced security features, like 2-factor authentication, really make LastPass a winner for me.

The only downside to LastPass is that you have to have a premium account to use the mobile apps, however, for $12 a year (or free through our rewards system if you have 250 points spare), you can't really complain.

Kev is a Cyber Security professional from the North West of England who has a passion for motorbikes, web design & writing. He is a self-confessed uber-geek and open source advocate. You can usually find him hanging around on Twitter or his personal website.